No smoke without malware: do you know E-Cigarettes can compromise your system?

Feb 22, 2015


2014 saw the e-cigarette (e-cig) boom in popularity and as people start making their New Year’s resolutions more smokers may consider it as an option in an attempt to give up. When the e-cig is lit up, it heats the liquid nicotine and the liquid turns into vapour, which is then vaped (a word which has also been recently added to the Oxford English Dictionary). Although vaping seems to be an easier alternative to going cold turkey, like many other gadgets available in the market, the e-cig is also vulnerable to security threats.

It’s a health product, so what’s the problem?

E-cigs can be charged over USB, either with a specific cable or by plugging the device directly into a USB port. Like any other USB port, this can be plugged into a wall socket or the port on a computer. If an e-cig from an untrustworthy supplier is purchased, there is a chance that the charger or even the e-cig device itself hardcoded with malware. When this charger is plugged into the USB port of the system, it gains physical access to the system and the malware connects back to the originating source to infect the system it is plugged into, thus compromising the user data. This type of malware is able to find its way to your data even on a patched system with anti-virus and malware protection. This happened recently to a well-known company when one of their executives charged an e-cig through their laptop. The malware was sophisticated enough to fake the signatures present on the system so that it appeared to be a genuine application, meaning that it was not blacklisted by the antivirus software and malware protection.

What precautions should I be taking when using e-cigs?

There are always new vulnerabilities to exploit that can let people do unwanted things on your machine no matter how careful you are with patches, updates and malware protection.
So to protect oneself from such attacks you should purchase e-cig from a well-known and trusted supplier or even from the manufacturer themselves. Also, where possible, you should charge your e-cig using the wall socket instead of plugging it into your computer.
Another way to prevent such an attack is to disable the data pins on the USB, thus making the cable charge-only and preventing any information from being exchanged between the devices it connects. This can be achieved in many ways, one of them being USBCondom, a gadget that connects to the USB and makes the data pins ineffective. The USBCondom provides a protective barrier between your device and hackers by transforming a normal USB cable into a charge-only cable by cutting off the data pins in the USB cable and only allowing only the power pins to connect to the device.

With the rapid advancement in the technology, use of e-cigs may be a good way to kick the habit, by following some simple precautions, you can ensure you are doing the best for not only your own health, but your system’s health as well.

If you want to know more about malware, or how you can ensure your system is secure from attack, get in touch with us on hacksight@paconsulting.com.

e-cig